Principal Engineer – Network & Cloud Security

Job Title: Network & Cloud Security Architect

We are seeking a highly experienced Network & Cloud Security Architect to define and execute a comprehensive security strategy across on-premise, hybrid, and multi-cloud environments. This role will lead the adoption of Zero Trust Architecture, drive automation and AI-driven security controls, and ensure the resilience and compliance of all network and cloud assets.

Key Responsibilities

Health and Safety

• Uphold the company code of conduct, policies, and procedures, ensuring integrity and accountability in every aspect of your work.
• All employees have a responsibility to adhere to safety, health, and wellbeing policies, guidelines, and procedures in all actions and decisions.

Network & Cloud Security Strategy

• Define and execute a comprehensive network and cloud security strategy.
• Align strategy with enterprise Cyber Prevent roadmap and risk posture.
• Establish security architecture standards for on-premise, hybrid, and multi-cloud environments.
• Drive Zero Trust Architecture (ZTA) adoption across network and cloud ecosystems.
• Lead transformation toward software-defined and cloud-native security models.

Network Security Architecture & Protection

• Design and implement secure enterprise network architecture.
• Enforce controls for:
  • Perimeter security (Next-Gen Firewalls).
  • Intrusion Detection & Prevention Systems (IDS/IPS).
  • Secure network segmentation and micro-segmentation.
  • Protection against DDoS, lateral movement, and advanced persistent threats (APTs).
  • Secure connectivity frameworks (VPN, ZTNA, SD-WAN security).
  • Secure integration across enterprise environments, partners, and third parties.

Cloud Security (Multi-Cloud & Hybrid)

• Lead security strategy across AWS, Azure, GCP, and private cloud environments.
• Implement:
  • Cloud Security Posture Management (CSPM).
  • Cloud Workload Protection Platforms (CWPP).
  • Cloud Infrastructure Entitlement Management (CIEM).
• Ensure secure cloud configurations, identity models, and access controls.
• Protect workloads across IaaS, PaaS, and SaaS environments.
• Drive compliance with cloud security frameworks (CIS, NIST, ISO, CSA).

Secure Cloud Architecture & DevSecOps Integration

• Embed security into cloud-native architectures and application deployment pipelines.
• Integrate security into CI/CD pipelines and DevSecOps practices.
• Enable automated security testing:
  • Infrastructure as Code (IaC) scanning.
  • Container image security scanning.
• Ensure secure Kubernetes and container environments.
• Promote shift-left security approach.

Zero Trust & Identity-Aware Networking

• Implement Zero Trust Network Access (ZTNA) frameworks.
• Enforce identity-based access control and authentication mechanisms.
• Ensure least privilege access across network and cloud environments.
• Integrate security with IAM and PAM systems.
• Enable continuous verification of users, devices, and workloads.

Automation & AI-Driven Security Controls

• Implement AI/ML-driven threat detection and prevention mechanisms.
• Drive automation in:
  • Threat detection and response.
  • Policy enforcement.
  • Configuration management.
• Reduce manual overhead through security orchestration and automation (SOAR).
• Enable real-time adaptive security controls.

Threat Prevention & Network Monitoring

• Establish continuous monitoring for:
  • Network traffic anomalies.
  • Suspicious behavior patterns.
  • Cloud activity logs.
• Integrate with SIEM/XDR platforms for centralized visibility.
• Improve detection of east-west and north-south traffic threats.
• Enable proactive threat intelligence integration.

Vulnerability Management Integration

• Collaborate with vulnerability management teams for:
  • Network infrastructure vulnerabilities.
  • Cloud misconfigurations.
• Ensure timely remediation of critical security gaps.
• Reduce attack surface across network and cloud assets.
• Maintain continuous risk visibility.

Third-Party & Connectivity Security

• Secure third-party network connections and integrations.
• Define and enforce vendor access security policies.
• Ensure risk visibility across external connections and partner ecosystems.

DDoS Protection

• Configure, optimize, and maintain Anti-DDoS systems to protect against all types of DDoS attacks.

Operational Excellence & Service Resilience

• Ensure always-on availability of network and cloud security controls.
• Optimize performance of security tools and platforms.
• Drive standardization, automation, and process maturity.
• Establish resilient and scalable security architecture.
• Continuously improve based on threat intelligence and incident learnings.

Compliance, Risk & Governance

• Ensure adherence to:
  • Regulatory standards (GDPR, PCI-DSS, etc.).
  • Internal security policies.
• Support risk assessments, audits, and regulatory reporting.
• Maintain compliance dashboards and metrics.
• Ensure alignment with enterprise risk management framework.

Core Competencies, Knowledge, and Experience

Business Competencies

• Strong ability to align security with business transformation and cloud adoption.
• Stakeholder collaboration across IT, DevOps, and business teams.
• Risk-based decision-making with business impact awareness.

Functional Competencies

• Deep expertise in:
  • Network security architecture.
  • Cloud security frameworks and platforms.
  • Hybrid infrastructure security models.
• Strong understanding of emerging threats in cloud and network domains.

Technical Skills

• Zero Trust Architecture implementation.
• Networking technologies: Firewalls, IPS, WAF, NAC.
• Container and Kubernetes security.
• Cloud technologies: AWS, Azure, GCP.

Hands-On Experience

Perimeter & Border Controls

• Next Generation Firewalls (NGFW).
• Web Application Firewalls (WAF).
• Bot Management & Account Takeover Protection (ATO).
• Intrusion Prevention Systems (IPS).
• DDoS Mitigation (Anti-DDoS).
• Network Detection and Response (NDR).
• Web & Email Security Gateways (WSG/ESG).
• API Security Gateways.

Secure Access & Connectivity

• Virtual Private Networks (VPN).
• Network Access Control (NAC).
• Zero Trust Network Access (ZTNA).
• Secure Access Service Edge (SASE).

Cloud & Container Security

• Cloud Firewalls / Security Groups.
• Cloud Access Security Brokers (CASB).
• Cloud Security Posture Management (CSPM).
• Cloud-Native Application Protection Platforms (CNAPP).
• Cloud Workload Protection Platforms (CWPP).
• Container and Kubernetes Security.

Leadership Competencies

• Strong leadership in driving cross-functional initiatives.
• Ability to influence enterprise architecture decisions.
• Innovation mindset with focus on AI and automation adoption.
• Strong execution, delivery, and transformation leadership.

Qualifications

• Bachelor’s degree in Cyber Security, IT, Engineering, or related field.
• 5-10+ years of experience in network and/or cloud security.
• Proven experience in enterprise-scale cloud security and network protection.

Certifications (preferred):

• CISSP, CCSP, CISM.
• AWS/Azure/GCP Security Certifications.
• Cisco / Network Security certifications.